border_management.pdf

WHITE PAPER

A EUROPEAN APPROACH TO

BORDER MANAGEMENT

November 2009

Version 1.0

Border Control Working Group - BORDER MANAGEMENT subWG

EOS White Paper on Border Management

Version 1.0 – November 2009 Page | 2

Table of Contents

Executive Summary ............................................................................................ 3

Introduction........................................................................................................ 4

Gaps and Needs .................................................................................................. 5 Proposals for a Change: EOS recommendations .................................................. 9

Recommendation 1 – Create a public-private “EU Border Checks Task Force” to

examine ways and means to develop a harmonised approach to EU border checks and

prepare the introduction of a “one-stop integrated border control concept” ................ 9

Recommendation 2 – Create an EU funded Programme to design, develop and

implement an Integrated Management system for regulated Borders, leveraging on

the suggestions of the “EU Border Checks Task Force” .............................................. 10

Recommendation 3 – Design & Development of a EU architecture for Border checks,

consisting of EU Reference Solutions and Building Blocks .......................................... 11

Recommendation 4 – Support the interoperability and the standardisation of border

management tools and processes in order to foster the efficiency of the process of

information sharing between MS................................................................................ 12

Recommendation 5 – Support progressive implementation of EU Integrated Border

Management activities and of an EU architecture for Border checks with components

of EU Reference Solutions .......................................................................................... 12

Roadmap .......................................................................................................... 113 About EOS 15

EOS‟ competence ................................................................................................. 17

ANNEX

Annex I - Background 19 Annex II - Current Tools for Border Checks in the European Union 19

Annex III – Main EU legislative measures ............................................................. 25 Annex IV – Border crossing points and border crossing .......................................... 26



Executive Summary

The free movement of people and goods across European internal borders is one of the greatest

achievements of European integration. While Member States remain responsible for controlling

their own borders, an European policy for Integrated Border Management is critical to harmonize

the diverse legislation corpus, operational approach and technical capabilities.

Since the Schengen Treaty (1985) several large scale programmes have paved the way towards

the creation of an integrated approach for the management of the EU Borders, for instance,

Schengen Information System (SIS) I and II, and the Visa Information System (VIS).

Although national sovereignty is a critical consideration there remain opportunities to increase

the number of common initiatives, as proposed in the EC communications (February 2008) for

the “next steps in border management in the European Union”.

The integrated management of EU Borders will increasingly rely upon the exchange of information

(both for checks and surveillance) with increasing needs for coordination and

interoperability between national systems and networks, possibly leveraging common

information system architectures and procedures.

Similar large scale IT systems have been deployed, overcoming significant political and technical

hurdles, in other non-EU countries (e.g. US). However, in the complex EU scenario,

implementation issues may be even larger given the variety of cultural and legal differences as

well as the non-trivial technical and operational constraints linked to the existence of different

legacy systems and networks.

In addition, the matter of sovereignty and local points of intense operational activity, provide

constraints that need to be overcome to achieve any successful integrated approach. A one-stop

border control system should aim to improve interoperability between Member States and allow

them to seamlessly share information, whilst at the same time provide the flexibility to allow

border agencies to apply local rules and deploy resources to tackle their own priorities as well as

EU-wide issues.

In order to improve the security of border management in Europe and facilitate the

legitimate free movement of people and goods, EOS recommends:

1 The creation of a public-private “EU Border Checks Task Force” to examine ways

and means to develop a harmonised approach to EU border checks and prepare the

introduction of a “one-stop integrated border control concept”

2 The creation of an EU funded Programme to design, develop and implement an

Integrated Management system for regulated Borders, leveraging on the

suggestions of the “EU Border Checks Task Force”

3 To support the design & development of an EU architecture for Border checks,

consisting of EU Reference Solutions and Building Blocks

4 To enhance the interoperability and the standardisation of border management

tools and processes in order to foster the efficiency of the process of information

sharing between MS

5 To support progressive implementation of EU Integrated Border Management

activities and of an EU architecture for Border checks with EU Reference Solutions



Introduction

Passenger flows at the external borders of the EU have been steadily growing, a trend likely to

continue for the foreseeable future, and combined with the increasing mobility of EU citizens this

is presenting enormous challenges for Members States (MS). Despite the vast majority of citizens

being granted entry in compliance with existing rules, a significant element of the illegal

immigration problem is due to overstayers exceeding their visit time limit.

Europe is, and will continue to be, the world‟s most important tourist destination1. Every year

around 300 million citizens cross the EU„s external border: 160 million are EU citizens, 60 million

are third country nationals (TCN) who did not require visas and the remaining 80 million are third

country nationals who did2. The passenger flows at the external borders of the EU have been

growing and will continue to increase in the future. To appreciate the overall yearly movement

across EU27 external borders, data3 from Member States show that there were 878 million in

2006. This will challenge every MS in their objective of facilitating legitimate travel and trade

while protecting their economies and societies against the threat of organised crime, illegal

immigration and terrorism.

The largest number of EU crossings occur at airports, with land borders being the next most

recurrent. The EU currently has 1792 external borders points, of which 665 are air based (major

airports), 871 sea borders and only 246 are land borders. While borders need to remain open for

trade, the movement of people and regional cooperation need to be effectively closed to unlawful

activities. This means that the design of integrated border management solutions is critical when

it comes to harmonizing the diverse legislation corpus, operational approach, financial solidarity

and technical capabilities across the MS.

To cope with these issues, the Council adopted in June 2002 a plan for the management of the

EU external borders, a holistic approach for the integrated management of external

borders (see also Annex III).

The implementation of this European Integrated Border Management Strategy consists of

the following dimensions (according to the definition given by the EC):

• Border Control (checks and surveillance) as defined in the Schengen Borders Code,

including risk analysis and crime intelligence

• Detection and investigation of cross border crime

• Four-tier access control model (measures in third countries; cooperation with

neighbouring countries; border control; control measures within area of free movement,

including return)

• Inter-agency co-operation for border management (border guards, customs, police,

national security, etc.) and international cooperation

1 World Tourist Organisation (WTO): Vision 2020 Volume 4 pag.48. 'Tourism' also includes travelling for the purposes of improving one's professional qualifications and health. 2 The figure was calculate by adding the number of trips of EU residents outside EU27 with the number of Third Country Nationals travelling to EU27 3 Member States do not record such movements in a coherent manner, so the rates are based on estimations or samples.



The challenge is to strike an appropriate balance between the free movement of travel and

trade within Europe and the state-of-the-art border control & management systems to

efficiently combat illegal migration, organised crime and terrorism with modern

approaches.

“Border Control” is defined as the activity carried out at a border, in accordance with and for the

purposed of the Schengen Borders Code, in response exclusively to an intention to cross or the

act of crossing that border, regardless of any other consideration, consisting of border checks and

border surveillance. It is hence composed of two major axes:

- Integrated Management of the EU external borders (checks)4

• Registered Traveller scheme

• Electronic System of Travel Authorisation

• Entry/Exit system for third country nationals

- Integrated European Surveillance System

The EC took the first steps towards a new border management strategy in February 2008, with

the plan for setting up an Entry-Exit System (EES) and a Registered Traveller‟s Programme (RTP)

at the EU‟s external borders. An additional major milestone has been recently been achieved with

the setting up of a dedicated Regulatory Agency responsible for the long term operational

management of the large scale IT systems proposed by the Commission5 (June 2009).

Border Management consists of the verification of people, vehicles and goods at

regulated land or maritime check points to determine if their movement is authorised6.

This involves identity checks and searches against various databases of known individuals that

should be apprehended or denied entry to the territory along with advanced analytical techniques

to identify those high risk people, goods and vehicles.

The value and importance of comprehensive EU border instruments and programmes are in

principal established however the relevant political, legal, technical and operational steps that

need to be taken to better face the challenges posed by globalisation, evolving security threats

and mobility require further effort.

Gaps and Needs

The free movement of people and goods across European internal borders is one of the greatest

achievements of European integration. While Member States remain responsible for controlling

their own borders, an European policy for Integrated Border Management is critical to harmonize

4 As defined in the EC Communications “Preparing the next steps in border management in the European Union”, COM(2008) 69 of February 2008. 5 The core mission of the Agency would be to fulfill the operational management tasks for Schengen Information Systems II (SIS II), Visa Information System (VIS) and EURODAC, keeping the systems functioning in a 24*7*365 basis; The Agency will also be responsible to adopting the necessary security measures, reporting, statistics, training, research activities and, upon EC request, the implementation of the monitoring of pilot schemes 6 “New tools for an integrated European Border Management Strategy”, MEMO 08/05; Preparing the next steps in border management in the European Union, COM(2008) 69 final



the diverse legislation corpus, operational approach and technical capabilities, and needs a strong

integrated EU border strategy.

According to the Communication of 13 February 20087, the Commission acknowledges a series of

shortcomings:

The data contained in travel documents are transmitted, at the request of the Member

State of destination, as required by a Directive of 29 April 2004 on the obligation of

carriers to transmit passenger data but cannot be used to prevent a person from arriving

at the border crossing point of that State;

The EU's all-or-nothing consular approach to visas means that either all nationals of a Non-

EU Member Country are subject to the visa requirement or they are not. Those who are not

are not subject to any checks before they arrive at the destination Member State;

With the exception of Non-EU Member Country nationals covered by the Local Border

Traffic Regulation, Community law does not allow for simplifying checks for frequent

travellers to the Schengen area, notably those holding multiple-entry visas;

Since the dates of movement of Non-EU Member Country nationals across the external

borders are not recorded, there is no way of systematically detecting overstayers;

Given some practical difficulties such as illegible stamps on travel documents, it is unsure

whether border authorities could determine an individual's length of stay. Moreover, there

are no means for Member States to share any data that may be collected.

The above issues are the reason why the Commission has highlighted the need to develop a new

Integrated Border Management strategy with key programmes such as the Registered

Traveller Programme, Automated Gates, an Entry/Exit System and the Electronic

System of Travel Authorisation (ESTA).

Any improvements should be organized around two levels:

a) Operational and Technical Challenges;

b) Political Challenges.

Operational and Technical Challenges

Issues for the implementation of existing measures (SIS, VIS II)

The VIS and SIS II systems are not yet fully operational. Their successful implementation is

needed to provide the foundations for the deployment of an entry / exit system and to

comprehensively assess relevant operability and reliability issues.

The information on how these systems will be integrated and how they interact within the existing

framework may still be regarded as an open issue. Up to now, the systems have been developed

7 COM (2008) 69 final: Preparing the next steps in border management in the European Union



independently to each other; therefore it has been difficult to fully exploit potential synergies,

resulting in higher costs and lower efficiencies.

Additional measures and functionally may be required to determine whether an Entry-Exit System

(in conjunction with other proposed IT systems) would lead to a reduction in illegal immigration.

At the moment, no relevant information is recorded electronically for entry / exit events at border

crossing across MS. This leads to difficulties in automatically determining whether a Third Country

National (TCN) has the right to remain in the Schengen area. This inconsistency is likely to affect

overall border control performance.

The current border checks still largely involve manual processes and as such, are not providing

satisfactory solutions to deal with ongoing traffic growth and the changing and complex security

environment.

The passport approach lacks homogeneity: EU citizens are being migrated to ICAO compliant

electronic passports, in contrast with many TCN travellers.

Neither is there consistency regarding the current biometric data that is held on EU citizens‟

passports and across TCNs, which leads to contradictions and vulnerabilities in terms of facilitating

border crossings due to the different verification practices that need to be applied to deal with the

different categories of travellers.

Biometrics, Background Checks and Intelligence

Biometric technologies offer a mean of identifying individuals. A relatively simple application in

border management is to check that the person using a passport or visa to enter the country is

the same person it was issued to. This is useful to robustly enforce immigration rules and to guard

against low-level identity or document fraud.

Moreover, biometrics is used in several EU programs related to the flux of persons entering the

Schengen Space such as VIS/BMS, EURODAC but also the future Entry/Exit program related to

regular visa holders that overstay in the Schengen space after expiration of their visa.

One of the potential difficulties that should be overcome is related to the use biometric records

shared between Member States accompanied by decoding biometric templates that are held in an

encrypted form on passport chips and databases, and with sharing and managing the necessary

cryptographic keys.

A step further in this area is to be able to perform more comprehensive checks to understand

“who is the person attempting to cross the border” and “what risks might they pose on entry to

the country”. This requires automated risk analysis based on a wide range of information sources

including immigration, crime and intelligence records. This is related to some deeper Background

Checks and Intelligence that needs deeper EU cooperation between the MS authorities in charge

of the information gathering.

The key challenges are:

- Agreeing on the technical standards for the use of biometrics in the context of border control –

the use of for instance, fingerprints, facial and iris to enable inter-operability of biometric data

across Member States, providing sufficient recognition probability and minimum false alarm

rate for an individual.



- Interoperability of encrypted biometrics data and public key sharing and handling in the 27

MS.

- Building common procedures and rules of biometric checks in the different MS and agreeing on

sharing of biometrics data.

- Different level of privacy issues sensitiveness related to the creation, the handling and of the

destruction concerning of biometrics data in different MS.

Political and Legal Challenges

Data Privacy, Protection and Management Issues

Modern effective border management inevitably involves the collection of large amounts of

personal data on travellers. This is to help manage the immigration and asylum systems and to

prevent crime by identifying criminal suspects or fugitives. This is probably the most controversial

aspect of border management as any large official database raises popular concerns about the so-

called “Big Brother” state and the misuse of official data.

This concern has led to the evolution of a comprehensive range of data protection legislations at

national and EU level, governing the collection, storage and sharing of personal data held by

governments and commercial organizations. In general these laws ensure data is: a) only

gathered by governments when justified by public policy; b) only stored for as long as is

necessary before being destroyed; c) is not shared more widely than strictly necessary.

These laws have not eliminated public concern about state databases. This concern probably

reflects a general mistrust of governments – a mistrust which varies in strength around the EU, as

a result of Member States‟ recent history and culture. This mistrust means the development of

data handling systems must include clear and transparent safeguards for personal data.

Governance and Administrative Issues

Challenges driven by technology should be progressively addressed by MS, which should reinforce

their coordination efforts between public administrations. Today, political constraints to an

integrated solution remain high due to their sovereignty considerations

Current checks procedures and policies remain inconsistent between Members States and some

local issues (activities in Dover, UK‟s Channel tunnel or Canary Islands) require unique methods to

tackle their issues.

Political constraints to an integrated solution due to the sovereignty considerations of

Member States.

Over a number of years, a fragmented landscape of systems and processes has been

developed.

Policies and checks can vary between Member States.

Local issues such as activity around Dover and the channel tunnel in the UK and activity in

the Canary Islands, Spain require unique methods to tackle these issues.



An one-stop integrated border control solution would need to find the right balance between

greater interoperability, seamless intelligence sharing between MS, and the flexibility required to

allow border agencies to apply the right profiles and deploy the resources to respond effectively to

local priorities as well as EU-wide issues.

Proposals for a Change: EOS recommendations

The EU´s policies are being continuously developed and strengthened to better respond to the

new threats and trends and to take advantage of new technologies to provide Europe with the

tools to bring its border management into the 21st century. We believe that the improved

management of passengers, vehicles and goods movements should take full advantage

of a rapidly evolving technology landscape.

In this context, we welcome the creation of the new dedicated Agency to deliver and operate the

large scale IT systems within DG JLS, since common management will bring relevant synergies

and economies of scale to the current systems.

We believe that by integrating and complementing the various activities supported in the past and

currently being supported at the EU and national level that the proposals will fully benefit from

important ongoing work and the successful deployment of new applications and services that have

emerged.

In support of the EU-wide border management policy objectives we propose the following

recommendations to foster Integrated Border checks across the EU.

Recommendation 1 – Create a public-private “EU Border Checks Task

Force” to examine ways and means to develop a harmonised approach to

EU border checks and prepare the introduction of a “one-stop integrated

border control concept”

Create a public–private “EU Border Checks Task Force”, to examine ways and means for

the introduction of a “one-stop integrated border control concept” as a fundamental step

to achieving the envisaged one-stop Entry / Exit system, the Registered Traveller Programme etc.

This advisory group, should provide support to the European Commission (DG JLS, FRONTEX,

etc.) and concerned Member States Administrations with the following actions:

1.1 development an EU-wide integrated vision, (encompassing all issues linked to the

checks and controls carried out to people and goods), coordinating the existing and

envisaged networks and systems in a clear and strategic scenario;

1.2 proposal of architectures and envisage solutions (composed of building blocks

based on innovative technologies) to satisfy, within the limit of legal environments and

a common technical frame, regulatory requirements for the control of people and



goods, removing unnecessary barriers to their mobility; re-using existing infrastructure

and capability where possible;

1.3 analysis of available and future technologies (e.g. advanced identification such as

biometric technologies, passport swipes and image recognition for People; Automatic

Number Plate Recognition (ANPR) for Vehicles; RFID for goods) to strengthen ID

authentication processes and secure data handling etc. for the creation of

harmonised and interoperable systems, always in the strict respect of MSs‟

sovereignty;

1.4 promotion of greater cooperation between Member States by enabling seamless

intelligence sharing through interoperable systems and supported by the

harmonisation of rules applied to border checks, while maintaining appropriate data

protection and privacy.

EOS, via its Members, would act as the advisory on industrial issues to this Task Force,

for further discussion regarding the development of systems which, in time, will form the

backbone for implementing critical European border policy objectives, helping defining the best

solutions industrially feasible and cost effective with respect to the agreed requirements.

Recommendation 2 – Create an EU funded Programme to design, develop

and implement an Integrated Management system for regulated Borders,

leveraging on the suggestions of the “EU Border Checks Task Force”

Whilst acknowledging and supporting the development of programmes already established8 to

facilitate the move to an integrated border management, EOS suggests an alliance of all

relevant parties (EC, EP, MS, and Industry) to foster develop and implement an

architecture enabling a pan European Border Checks roadmap leading to an effective

Integrated Boarder Management system. A central theme of the Programme should be to

foster the notion of automation for all border clearance.

The Integrated Management of EU Borders will increasingly rely on the exchange of information

(both for checks and surveillance), thus requiring solutions for the increasing needs for

coordination and interoperability between national (ICT) systems and networks,

possibly leveraging on common information system architectures and procedures.

2.1 This Programme should therefore target the design, development and implementation

of architectures and EU Reference solutions (with interoperable building blocks

based on innovative technologies), leveraging on the suggestions of the “EU Border

Checks Task Force” that satisfy, within the limits of the legal environments and of a

common technical framework, regulatory requirements for the control of people and goods,

avoiding unecessary constraints to their mobility.

8 Registered Traveller Programme (RTP), Entry/Exit System (EES), Customs Security Programme (CSP), Authorised Economic Operators (AEO)



Recommendation 3 – Design & Development of an EU architecture for

Border checks, consisting of EU Reference Solutions and Building Blocks

Increased coordination and more comprehensive funding efforts for design and development

activities for an EU approach on Integrated Border Management can be reached through a dual

“Top-Down / Bottom-Up” approach: it will indeed have the potential to enhance European

capabilities and provide for a common border checks picture.

“Top-Down” approach:

3.1 Development of a harmonised architecture for integrated border management allowing the

progressive integration of future national systems, while driving the development of EU

Reference Solutions9 (composed of “Building Blocks”), fitting the requirements of

the global Architecture.

3.2 Design, develop and validate common and interoperable “EU Reference

Solutions” (consistent with the Global Management Architecture), including not only

technology standards for interoperability, but also best practices, policies, common

requirements and coordinated procurement approaches.

3.3 Engage with the end-users (front-line officers) in the individual Member States to

ensure that individual agencies and the front-line officers’ views are included in

the design of specific solutions and to enable business processes to be adapted to

take advantage of these new solutions.

This course of action would require the EU to take an “enterprise architecture approach”10 and

would require industry-wide collaboration to leverage the whole community to create the

architectural framework within which in-service and future operational systems could be

progressively introduced and federated.

Indeed, an EU Reference Solution which individual MS would then be able to use as a core

template solution or use for the purpose of integration testing would promote interoperability.

Standardisation, testing, certification and quality processes should continue to be based on

common EU policy requirements.

“Bottom-Up” approach

3.4 Development of “Building Blocks” (composing “EU Reference Solutions”) in EU

R&D activities (biometry, trusted procedures, intelligence tools, etc.).

3.5 Increased coordination and cross fertilisation of existing (and future) initiatives

through an explicit “clustering” mechanism that aggregates all relevant EC

activities (FP7, ESRIF outlook, MS R&D programmes etc.). Such clustering would better

9 European Reference Solutions: technologies and capabilities developed and validated following common operational needs, criteria and EU security strategies, for specific missions to increase, when needed, interoperability or compatibility of solutions. 10 Enterprise architecture is the organizing logic for business / operational processes and IT infrastructure reflecting the integration and standardization requirements of the organisation‟s operating model



allow capability gaps to be tackled, identify technological challenges and address the needs

for an Integrated Border Management. We would favour the new regulatory Agency being

responsible for this approach.

Recommendation 4 – Support the interoperability and the

standardisation of border management tools and processes in order to

foster the efficiency of the process of information sharing between MS

In developing Europe‟s architecture for border management, the sharing of data and

information is highly likely to be key issues in tackling the security threats.

Interoperability, connectivity and synergy between different systems and databases

will be critical to provide national agencies and authorities with the information required to

accomplish their institutional duties.

To reinforce the current EC initiatives and enhance the effectiveness and efficiency of the EU‟s

border checks activities whilst ensuring interoperability between the different national authorities,

we recommend that the EU:

4.1 Develop minimum / optimum technical requirements for interoperability

purposes and specification of common technologies for performing border checks;

4.2 Develop uniform technology standards regarding the storage, exchange and

sharing of data with well defined compatible interfaces allowing valid exchange

of data;

4.3 Proof of interoperability standards through pilot projects that enable individual

Member States to focus on solutions for their specific challenges while still meeting the

interoperability commitments required for EU-wide integrated border management.

Recommendation 5 – Support progressive implementation of EU

Integrated Border Management activities and of an EU architecture for

Border checks with components of EU Reference Solutions

5.1 Further support the implementation at national level of Border Management systems

and the roll-out of the EU visa policy and secure information exchange tools with the

already adopted databases and EU systems (VIS and SIS II).

5.2 Create of a series of pilot projects to prove the feasibility and viability of

solutions (possibly EU Reference Solutions) to address specific border

management gaps (e.g. mobile biometrics, network-based risk targeting and intelligence

approaches, land border data capture) and to apply lessons learnt prior to committing to

large scale EU-wide implementation.

5.3 Focus on the benefits of integrated border management to citizens, businesses and end-

users to develop a prioritised region-by-region implementation plan, providing via



the proposed Integrated Border Management approach, front-line officers with more

effective tools to make better informed decisions to secure borders.

5.5 Implement a framework for acquiring comprehensive and accurate pre-departure

and pre-arrival passenger, vehicle and goods information, expanding the use of

EU_PNRs (Passenger Named Record) and the acquisition of Third Country data under the

Customs Security Programme (CSP), in compliance with data privacy legislation.

Roadmap

To support and foster the development of EU-wide Integrated Border Management, we propose

the following set of actions for the consideration of the EC, the newly appointed Agency and,

where appropriate the individual MS.

Short term measures at EU level [2010-12]

o Create a Public Private Dialogue (“EU Border Checks Task Force”) alongside relevant

stakeholder (MS, EC, new Regulatory Agency, EU Agencies, Industry, etc) to form a broad

alliance and strong cooperation based on trust.

o Promote feasibility studies on the design and implementation of automated border

clearance.

o Foster and develop minimum requirements for Border Checks technologies;

o Promote the introduction of land Entry / Exit solutions.

o Proposal for constant co-operation to further develop on interoperability and

standardization issues, in terms of technology, language and doctrine.

o Further encourage Research and Development activities related to Border Management,

especially on identity management, biometrics, interoperability, data distribution,

developing and validating “EU Reference Solutions”.

o Provide the new European Commission, the European Parliament and Member States with

the means to justify the creation of an EU Programme for an Integrated Border

Management (Checks) and consequent financial support to be envisaged in the 2014 –

2020 EU financial perspectives.

Medium term measures at EU level [2013-16]

o Proposal for the necessary policies and regulations to have an EU consistent record of the

entries and exit of travellers across the Schengen area.

o Proposals for the necessary policies and criteria to create an interoperable EU RTP:

Definition, design and build of a common RTP architecture across EU.

o Promote the creation of a pilot project to weight the required functionalities, the notion of

automation for all border clearance, carry out biometric verifications and explore Entry/

Exit functionality.



o Promote the development of interoperable systems between neighbouring countries, tested

by means of pilot projects implemented by basin. These pilot projects will pursue the

objective of assessing the technical feasibility of an integrated RTP and Entry / Exit

Systems.

Long term measures at EU level [2016-20]

o Foster the deployment of automated border clearance across EU and Third countries

according to the proposed architectures and solutions.

o Introduce the newly developed components in which EU Reference Solutions will be

implemented incrementally across Europe.

o Introduce the newly developed components in which EU Reference Solutions will be

implemented incrementally across Europe, updating and integrating the existing systems,

while adding new components.



About EOS

The European Organisation for Security – EOS – was created in July 2007 by European

private sector suppliers and users from all domains of security solutions and services. EOS has

today 34 members, representing 12 European Countries. EOS focuses on the market side, and

seeks to develop close relationships with the main public and private actors.

The main objective of EOS is the development of a consistent European Security Market

sustaining the interests of its Members and satisfying political, social and economic needs through

the efficient use of budgets and the implementation of available solutions in priority areas, in

particular with the creation of main EU Security Programmes.

To develop the security market we:

support the development of civil security & resilience systems and related services

with innovative European approaches that can be used in the global security market;

support the effective implementation of existing / future solutions and services

(developing interoperable and consistent architectures, interfaces, innovative

methodologies and / or common procedures, best practices, pilot projects, etc) focusing

resources on market priorities.

In order to achieve these objectives, and believing in the benefit of an effective dialogue

between all relevant stakeholders, EOS welcomes any suggestions and comments to its White

Paper.

EOS Members

HOW TO REACT TO THE WHITE PAPER

Reactions to this White Paper may be sent directly to [email protected]

Alternatively, you could post your comments to:

European Organisation for Security (EOS)

270 Avenue Tervuren Bruxelles 1150

mailto:[email protected]



EOS Border Management sub - Working Group Participants

This White Paper is a collective endeavour of the EOS Border Management sub - Working Group

during the last 2 years, with the participation of:

SAGEM Sécurité Krassimir Krastev WG Chairman / WP Editor

BAE Systems - Detica Nefyn Jones WP Editor

ALTRAN Jean-Philippe Perin

ALTRAN Cecile-Liv Müller

ALTRAN Pascale Lardin

ALTRAN Silke Nikolay

ALTRAN Mathias Julien

BAE System – Detica Ben Bridge

BUMAR Edward E. Nowak

BUMAR Monika Swiech

CEA Frédéric Laurent

EADS Julien Feugier

EADS Robert Havas

EDISOFT Antonio Sousa

ENGINEERING Giuseppe Paladino

ENGINEERING Dario Avallone

FINMECCANICA/SELEX SI Gustavo Scotti di Uccio

FINMECCANICA/SELEX S.I. Eugenio Creso

FINMECCANICA/SELEX S.I. Francesco Frau

G4S Mike Clarke

HAI Evangelos Ladis

IBM Peter Stremus

IBM Gerardo Zuliani

INDRA Sonia Gracia Anadon

INDRA Carlos De Miguel

INDRA Javier Warleta

SAGEM Jean Marc Suchier

SMITHS HEIMANN Nicolas Dumay

SMITHS HEIMANN David Delfanne

SMITHS DETECTION Caroline Persson

SMITHS DETECTION Magnus Ovilius

THALES Yves Lagoude

THALES Lionel Le Cleï

EOS Hugo Ganet Senoko WG Support

EOS Luigi Rebuffi WG Supervision



EOS’ competence

A list of EOS Members’ competences/ areas of knowledge relevant to the domain is the following

(based in Staccato Taxonomy)

Technologies-Components

109 Opto-electronics: Laser, optics and related devices

110 Sensor Technology and Components

111 Electronic components

112 Signal processing technologies

113 Information technologies

114 Artificial Intelligence & Decision support

115 Simulation tools and technologies

116 Computing Technologies

117 Information Security Technologies

118 Communication technologies

Equipments and sub systems

200 Sensor Equipments

201 Signal Protection

202 Identification equipment

203 Biometric equipment

204 CBRN protection and decontamination equipment

205 Navigation, guidance, control and tracking

219 Physical access control and Electronic Authentication Equipment

Systems-Services Functions

300A Risks assessment, modelling and impact reduction

301A Risks and vulnerabilities assessment

302A Risk reduction

303A Protection

304A Exercise and simulation, training

306A Identification

307A Localization

308A Surveillance

300A Intelligence

311A Interoperable secured communications (Security systems architecture)

312A Crisis Operations / Management – C3I

Design-Manufacturing

300B Operating Environment Knowledge & Modelling Technology

301B Systems Engineering and Design Management

302B Systems Certification and Failure Investigation

303B Systems Engineering and Integrated Systems Design

304B Manufacturing and fabrication technology

305B Software design validation and maintenance

306B Simulation and design tools



307B Installations and Facilities

308B Ergonomic and Human factors

Integrated platforms and systems and HFs

407 Identity management systems

408 Integrated Surveillance Systems

411 C2, Information and intelligence systems

412 Networks and information security systems

413 Communication Systems

415 Equipped Personnel

416 Integrated systems of systems

Mission Capabilities

500A Preserve the functioning of the State

501A Ensure Identification and control of goods and people

502A Ensure and Maintaining Law and Order

503A Ensure Economic Security

504A Protection of citizens (goods and people)

507A Control and surveillance of areas

508A Protection of areas and infrastructures

509A Protection of networks

510A Protection of environment (before, during and after)

511A Security of transport

512A Crisis management



Annexes

Annex I - Background

Border Management consists of the verification of people, vehicles and goods at regulated land or

maritime check points11. It involves identity checks and information searches against various

databases of known persons to be either apprehended or denied entry to the territory and the use

of advanced techniques for identifying the high risk. The passenger flows at the external borders

of the EU have been growing and will continue to increase in the future, posing a challenge to

every MS.

Two main objectives have been defined by the EC: ensuring the smooth crossing of passengers

and guaranteeing the internal security of the Schengen area. Due to the huge number of people

crossing Europe every year, this is, undoubtedly, a daunting task.

In this context, the EC has also proposed an integrated European Border Management Strategy

(EBMS). The concept of an EBMS involves combining control mechanisms and the use of tools

based on the flows of persons towards and into the EU. It comprises measures taken at the

consulates of Member States in third countries, measures in cooperation with neighbouring third

countries, measures at the border itself, and measures taken within the Schengen area.

In addition, the EC has proposed new tools for EBMS which included the introductions of an EES,

allowing the electronic recording of the dates and exit of Third Country Nationals (TCN) in and out

the Schengen area, the introduction of automated border crossing facilities for EU citizens and

certain TCN and the introduction of an Electronic Travel Authorisation system (ETAS)12.

Travellers from certain third countries are subject to visa obligations. A first check of whether they

fulfil the conditions of entry and stay takes place in conjunction with the visa application at the

consulates of MS in third countries. TCN requiring a short stay visa will be checked against the

Visa Information System (VIS), on which EC and European Parliament (EP) reached a rollout

agreement. The VIS objective is to verify the authenticity of the visa and the identity of the holder

by biometrics means. According to the Schengen Borders Code, TCN are subject to a thorough

check for the length of stay and checked against the Schengen Information System (SIS) to verify

they do not represent a threat to public policy, public health or internal security.

Annex II13 - Current Tools for Border Checks in the European Union

The Border Control covers two types of activities: Border Surveillance and Border Checks. The

Schengen Convention and the Schengen Borders Code define three types of external borders: air

borders (airports), sea borders and land borders (rail and road); The authorities responsible for

border checks vary depending of the MS, but normally are border guard, police and customs. The

variety may mean different types of border checks systems.

11 “New tools for an integrated European Border Management Strategy”, MEMO 08/05; Preparing the next steps in border management in the European Union, COM(2008) 69 final 12 A definition and scope of the mentioned tools may be found in Annex I 13 COM (2008) 69 final, SEC (2008) 154,



Checks might be divided in three parts: pre border, tirst line border and second line border.

1. Pre border checks are carried out before the TCN gets into a MS with the objective of

transmitting information on passengers before their arrival at the Border Check Point. The

compulsory information submitted by carriers to the Border Check authorities is based on

Advanced Passenger Information (API) and Passenger Name Record (PNR), the latest

restricted to air borders.

2. First line checks are the activities undertaken by the national authorities for border

checks on the entry and exit of any traveller crossing the Schengen area. Targeted to EU

citizens and TCN, the checks mainly cover controlling and verifying the validity of the visa

and the required stamping of travel documents. Whilst EU citizens are guaranteed free EU

movement and minor, if any, checks, TCN are subject to thorough checks.

3. Second line checks takes place when an officer identifies an abnormality during the first

line check and further thorough checks are needed.

There are currently three large scale information technology (IT) systems in the area of DG JLS

whose operational management has been entrusted to the EC: SIS II, VIS and EURODAC.

Following an impact assessment to study the different options for the Management of SIS, VIS

and EURODAC, the EC has created a new Agency whose core mission will be to fulfil the

operational management of those systems, keeping them functioning on a 24*7*365 basis. The

new Agency will be also responsible for the management of security, statistics and reporting while

also meeting diverse needs such as training, research or even the implementation of pilot

schemes.



Schengen Information System (SIS) and SIS II

The Schengen Information System (SIS) is a computer network for the collection and exchange of

information relating to immigration, policing and criminal law for the purpose of law enforcement

and immigration control.

The SIS contains data (alerts) on persons and objects which are necessary for the purpose of

maintaining the Schengen territory an area of security and justice. The SIS currently stores

around 15 million records including, roughly, 11 million ID Documents, 1.5 million Vehicles, 1

million persons, 400.000 blank documents, 300.000 firearms and 250.000 banknotes.

The system was designed to cope with 18 MS (15 MS, Iceland, Norway and one in reserve). Due

to technology obsolescence, a second technical version is in preparation (SIS II) which will include

new types of data.

The setting-up of the second-generation SIS is an absolute prerequisite for the involvement of the

new Member States in the area without internal frontiers. SIS II and SIS share the same technical

concepts. SIS II will facilitate the exchange of information on persona and objects between

national authorities responsible for border controls and other customs and police checks. SIS II

will benefit from developments in the field of IT and allow the introduction of new functionalities

such as the possibility to include biometric data.

SIS contributes to the implementation of the provisions on the free movement of persons (Title IV

of the Treaty) and to the judicial cooperation in criminal matters and police cooperation (Title VI

of the Treaty). This information is shared among the participating countries of the Schengen

Agreement Application Convention (SAAC).

Although the Republic of Ireland and the United Kingdom, have not signed the SAAC, they take

part in the Schengen co-operation under the terms of the Treaty of Amsterdam, which introduced

the provisions of Schengen Acquis into the European Union. Schengen Acquis allows the United

Kingdom and Ireland to take part in all or part of the Schengen arrangements. Ireland and the

United Kingdom will use the SIS for law enforcement purposes. They will not have access to the

Article 96 data, because they do not intend to remove the border controls between themselves

and the rest of Europe. European citizens still have the right of free movement to the UK but they

must pass through a border control point unlike in the rest of the Schengen signatories where

these have been abolished between the Schengen countries. In 2006, Ireland implemented

Directive 2004/38/EC, E.U free Movement of Persons directive as Irish Statutory Instrument S.I

656/2006

Visa Information System (VIS)

VIS is a system for the exchange of visa data between Member States in order to:

a) improve internal administration with regard to the common visa policy and thus prevent

European visa shopping;



b) contribute to the fight against internal terrorism and

c) fight against illegal immigration.

It consists of a Central Visa Information System (CS VIS) with an interface in each MS which

provides a connection to the relevant central authority of each MS.

It will be the IT based instrument for supporting the implementation of the common visa policy

and facilitating effective border control by enabling authorised national authorities to enter and

update visa data, including biometric data and to consult it electronically. It will be based on a

centralised architecture and a common technical platform with SIS II.

Once the full functionalities of VIS can be exploited the system will store biometrical data

(photograph and ten fingerprints) on up to 70 million people concerning visas for visits to or

transit through the Schengen Area as well as written information such as the name, address and

occupation of the applicant, date and place of the application, and any decision taken by the

Member State responsible to issue, refuse, annul, revoke or extend the visa.

SIS and VIS are being developed by the EC, which is also entrusted with their operational

management.

EURODAC

Eurodac is a fingerprint database that stores and compares the fingerprints of asylum applicants

and illegal immigrants and allows Member States to determine the State responsible for

examining an asylum application according to Dublin II Regulation. The EURODAC collects data for

any asylum applicant over 14 years of age and comprising: fingerprint and control images, data of

the application, the Member State where the asylum application is filled and the gender of the

applicant.

EURODAC has been developed by the EC and it is responsible for operating the Central Unit and

ensuring the security of data transmission.

SISone4ALL

Due to delays in the SIS II deployment, Portugal offered a modified version of its SIS 1+ system

to new Member States. The Czech Republic, Estonia, Hungary, Latvia, Lithuania, Malta, Poland,

Slovakia, and Slovenia accepted the Portuguese proposal and use the new system until the SIS II

deployment. This version, named SISone4ALL, which was developed by SEF (Portugal's Border

and Foreigners Service) and Critical Software Technologies, was deployed in 2007 and allowed the

adherence of participant new Member States to be on schedule.

Switzerland has now also decided to join Schengen using SISone4ALL before SIS II deployment.



Biometric Matching System (BMS)

The Biometric Matching System (BMS) is an information search engine that can match biometric

data. It can be seen as a subsystem of the VIS as each fingerprint image stored in the VIS is

linked to a biometric template stored in BMS. MS never directly communicate with BMS.

The BMS system design structure follows a Service Oriented Architecture that allows it to provide

biometric matching services to other systems such as SIS II and EES.

Entry/Exit System (EES)

The Entry/Exist System (EES) is a central conceptual part of the Commission‟s Communication on

preparing the next steps in border management in the European Union. The EES would technically

enable the electronic recording of entry and exit information of third-country nationals admitted

for a short stay to the Schengen area. For both visa holders and visa exempt nationals it allows

consultation of the data stored by the relevant authorities. The system would generate an alert or

notification when the legal entitlement of a third-country national to stay in the Schengen area

has expired and there is no record in the system that the individual has left the territory.

The EES would build on the technical infrastructure put in place by central authorities and Member

States to accommodate the VIS and associated Biometric Matching System (BMS). If consensus is

reached, EES could become operational around 2015.

Registered Traveller Programme (RTP)

The Registered Traveller programme (RTP) aims to facilitate border checks for third-country

nationals, who have voluntarily chosen to pre-enrol their biographic and biometric data, and have

undergone a vetting procedure according to pre-defined criteria. Due to the chronological

decoupling of the introduction of data introduction and travel, registered travellers would be able

to use automated facilities at certain border crossing points where available, allowing for

expedited border checks while maintaining a high level of security.

The technical infrastructure of RTP would also build on the pre-existing structures put in place by

central authorities and Member States for the establishment of BMS and VIS.

Electronic System of Travel Authorisation (ESTA)

The European Commission will examine the possibility of introducing an electronic system of

travel authorisation. Such a system would apply to third-country nationals not subject to the visa

requirement who would be requested to make an electronic application supplying, in advance of



travelling, data identifying the traveller and specifying the passport and travel details. The data

could be used for verifying that a person fulfils the entry conditions before travelling to the EU,

while using a lighter and simpler procedure compared to a visa.

The Commission intends to launch a feasibility study in 2008 that analyses the practical

implications and Electronic System of Travel Authorisation. The result of the study should be

presented to the European Parliament by the end of 2009.

Passenger Name Record

PNR is a proposal of the Commission for persons arriving by air, essentially equivalent to the

information contained in the flight reservation. This information is also translated just before or in

relation with boarding to law enforcement authorities. This system would apply to all Member

States as it is not linked to the Schengen cooperation as such. The transmission of PNR data

takes place for the purpose of preventing terrorism and organised crime, not for border checks.



Annex III – Main EU legislative measures

Council Decision 2002/463/EC, of 13 June 2002, adopting an action programme for

administrative cooperation in the fields of external borders, visas, asylum and immigration

(ARGO Programme)

Council Decision 2004/512/EC of 8 June 2004 establishing the Visa Information System

(VIS)

Council Regulation 2007/2004/EC of 26 October 2004 establishing a European Agency for

the Management of Operational Cooperation at the External Borders of the Members States

of the EU

Council Decision 2004/867/EC of 13 December 2004 amending Decision 2002/463/EC

Council Regulation 2252/2004/EC of 13 September 2004 on standards for security features

and biometrics in passports and travel documents issued by Member States

Council Regulation (EC) No 562/2006 of the EP and the Council of 15 March 2006

establishing a Community Code on the rules governing the movement of persons across

borders (Schengen Borders Code)

Decision No 895/2006/EC of the EP and the Council of 14 June 2006 introducing a simplified

regime for the control of persons at the external borders based on the unilateral recognition

by the Czech Republic, Estonia, Cyprus, Latvia, Lithuania, Hungary, Malta, Poland; Slovenia

and Slovakia of certain documental as equivalent to their national visas for the purposes of

transit thought their territories

Decision No 896/2006/EC of the EP and the Council of 14 June 2006 establishing a simplified

regime for the control of persons at the external borders based on the unilateral recognition

by the Members States of certain residence permits issued by Switzerland and Liechtenstein

for the purpose f transit thought their territory

Council Regulation (EC) No 1932/2006 of 21 December 2006 amending Regulation EC No

539/2001 listing the third countries whose nationals must be in possession of visas when

crossing the external borders and those whose national are exempt from the requirement



Annex IV 14– Border crossing points and border crossing

MEMBER

STATES

LAND BORDERS SEA BORDERS AIR BORDER TOTAL

BELGIUM 2 6 6 14

CZECH REP 0 0 19 19

DENMARK 0 133 38 171

GERMANY 0 119 131 250

ESTONIA 7 39 7 53

GREECE 11 53 29 93

SPAIN 4 32 31 67

FRANCE 9 42 108 193

ITALY 0 108 50 158

CYPRUS 0 7 3 9

LATVIA 16 9 4 29

LITHUANIA 29 2 4 35

LUXEMBOURG 0 0 1 1

HUNGARY 27 1 10 38

MALTA 0 3 4 7

NETHERLANDS 0 12 9 21

AUSTRIA 0 2 70 72

POLAND 29 19 20 68

PORTUGAL 0 22 8 30

SLOVENIA 57 3 3 63

SLOVAKIA 4 1 8 13

FINLAND 26 66 24 116

SWEDEN 0 60 31 91

ICELAND 0 25 5 30

NORWAY 1 76 25 102

ROMANIA 23 10 13 46

BULGARIA 11 11 5 27

TOTAL 256 871 665 1792

14 List of border crossing points referred to in Article 2 (8) of Regulation (EC) No 262/2006 of the European Parlament and of the Council of 15 March 2006 establishing a Community Code on the rules governing the movement of persons across borders

border_management.pdf

Documents

border management version

eu borders

eu architecture

integrated management

integrated approach

european approach

eu funded programme

main eu legislative